Ransomware takes the spotlight this time, targeting Windows users, production servers and, specifically, drives commonly associated with removable devices and mapped network drives.

For more articles, check out our #onpatrol4malware blog.

New Study: Hospital Breaches Could Be Killing Patients

Source: infosecurity

Data breaches at hospitals appear to be having a serious impact on patient care, increasing mortality rates for years after an incident, according to new research. Read more.


TrickBot variant “Anchor_DNS” communicating over DNS

Source: NTT Security

NTT has observed a TrickBot variant used in a campaign named Anchor_DNS, deployed on targets in the financial sector and on high-impact servers. Read more.


More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting

Source: TrendMicro

The threat group APT33 has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting against organizations. Read more.

Strange AnteFrigus Ransomware Only Targets Specific Drives

Source: BleepingComputer

A new and strange ransomware called AnteFrigus is now being distributed through malvertising that redirects users to the RIG exploit kit. Read more.


Cerberus – A new banking Trojan from the underworld

Source: Threat Fabric

In June 2019, ThreatFabric analysts found a new Android malware, dubbed “Cerberus”, being rented out on underground forums. Read more.


PureLocker: New Ransomware-as-a-Service Being Used in Targeted Attacks Against Servers

Source: Intezer

We have found a new and undetected ransomware threat that is being used for targeted attacks against production servers of enterprises. Read more.


Buran Ransomware; the Evolution of VegaLocker

Source: McAfee

McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as a RaaS model like other ransomware families such as REvil, GandCrab (now defunct), Phobos, etc. Read more.

Threat Alert: TCP Amplification Attacks

Source: Radware

Throughout 2019, Radware’s Threat Research Center (TRC) and Emergency Response Team (ERT) have been monitoring and defending against an increasing number of TCP reflection attacks. Read more.

New JavaScript Skimmer ‘Pipka’ Targeting eCommerce Merchants Identified

Source: Visa

Visa PFD’s eTD program identified a new JavaScript skimmer that targets payment data entered into payment forms of eCommerce merchant websites. Read more.

Experts report a rampant growth in the number of malicious, lookalike domains

Source: Security Affairs

Cyber security firm Venafi announced it has uncovered lookalike domains with valid TLS certificates that appear to target major retailers. Read more.

Antivirus vendors and non-profits join to form ‘Coalition Against Stalkerware’

Source: ZDNet

Ten organizations today announced the creation of the Coalition Against Stalkerware, the first global initiative of its kind, with the sole purpose of fighting against stalkerware. Read more.


Fake Windows Update Spam Leads to Cyborg Ransomware and Its Builder

Source: Trustwave

Recent fake Microsoft Windows Update emails contain just one sentence in the email body, which starts with two capital letters. The email directs the recipient’s attention to the attachment as the “latest critical update”. Read more.